Systems Engineer/PKI SME

About NDi:

Network Designs, Inc. (NDi) is a leading Federal contractor that specializes in designing, developing, and delivering information technology and network solutions for government customers. Founded in 1985, NDi's firmly defined core values have driven all aspects of the business, which have been paramount to our company's success and the establishment of an enjoyable workplace atmosphere. At NDi, we believe that our people are the cornerstone of our success, and we value collaboration, career growth, and winning ideas. Military Veterans Encouraged to Apply.

Job Description:

The PKI SME (Public Key Infrastructure Subject Matter Expert) will play a critical role in designing, implementing, and managing secure PKI solutions for our customers' National Security System. This role requires deep expertise in certificate authority management, certificate lifecycle automation, and cryptographic hardware security. The PKI SME will work closely with cybersecurity, network, and system engineering teams to ensure secure authentication, encryption, and access control across classified and unclassified environments. The PKI SME will be responsible for securing the remote access and classified communication infrastructure, ensuring robust encryption, secure identity validation, and compliance with federal security mandates. This position is vital to the success of the system deployment supporting classified and unclassified authentication, secure communications, and Zero Trust implementation.

Requirements:

• U.S Citizenship required.
• This role is fully onsite (5days / week) in Washington DC.
• Occasional travel will also be required to data centers and field offices.
• Current Top-Secret Clearance with the capability of obtaining SCI / CI Poly

Qualifications and Experience:

• Bachelor's degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).
• 10 years of experience in PKI, certificate management, and enterprise authentication.
• Extensive experience with Microsoft CA (Active Directory Certificate Services - ADCS).
• Hands-on experience deploying and managing Thales HSMs or similar hardware security modules.
• Expertise in certificate lifecycle automation and integration with security policies.
• Familiarity with MDM solutions for certificate enrollment and authentication (e.g., Archon Manager, Purebred, or similar).
• Strong background in network security, TLS/SSL, and secure authentication protocols.

Responsibilities:

PKI Architecture & Implementation:

• Design and manage Microsoft Certificate Authority (CA) services, including Active Directory Certificate Services (ADCS)

• Implement certificate validation and lifecycle management policies to ensure secure remote access and endpoint authentication.
• Integrate PKI with enterprise authentication systems, mobile device management (MDM) platforms, and secure endpoint solutions.

HSM (Hardware Security Module) Management:

• Deploy, configure, and maintain Thales Hardware Security Modules (HSMs) to protect private keys and cryptographic operations.
• Ensure compliance with FIPS 140-2/140-3 standards and NSA CSfC requirements.

• Support key backup, recovery, and rotation procedures for cryptographic key management.

Certificate Lifecycle Management:

• Automate certificate issuance, renewal, and revocation processes to maintain high availability and compliance.

• Implement solutions for certificate monitoring, reporting, and auditing to meet security policies.

• Work with endpoint security teams to enforce certificate-based authentication for issued devices.

MDM & Secure Mobility Integration (Preferred):

• Integrate PKI with Mobile Device Management (MDM) solutions, such as Archon Manager, Purebred, or other CSfC-compliant platforms.
• Provide technical expertise on mobile certificate enrollment and authentication for classified and unclassified networks.

Security & Compliance:

• Ensure PKI operations align with NSA Commercial Solutions for Classified (CSfC) policies, Zero Trust Architecture (ZTA), and other security frameworks.
• Conduct risk assessments, vulnerability scans, and certificate authority security audits.
• Support RMF (Risk Management Framework) accreditation and compliance efforts.

Incident Response & Troubleshooting:

• Lead PKI-related incident response efforts, including certificate revocation, key compromise, and forensic analysis.
• Provide Tier-3 support for cryptographic authentication issues.

Certifications (Preferred):

• CISSP (Certified Information Systems Security Professional)
• GIAC GPPA (GIAC Public Key Infrastructure and Certificate Management)
• Microsoft Certified: Identity and Access Administrator Associate
• Thales HSM Training Certification

Preferred Experience:

• Experience with IT policies, secure enclave authentication, and classified/unclassified PKI implementations.
• Working knowledge of SCEP, OCSP, CRL, and automated certificate renewal.

• Integration of PKI with VPN, VDI, and endpoint security solutions.

• Experience in FBI, DOJ, or other federal IT security programs.

Compensation and Benefits:

At NDi, we value our team and are committed to retaining top talent by offering competitive benefits and compensation packages. Our employee benefits package includes comprehensive health, dental, vision, pet, and legal insurance. Our corporate benefits include 401(k) retirement matching, paid leave, paid holidays, and health and wellness programs. In addition, we provide employer-paid life and disability insurance, professional development, education benefits, and much more to ensure our team has the resources they need to thrive on and off the job.

Veterans First Commitment:

As a Service-Disabled Veteran-Owned Small Business (SDVOSB), NDi is dedicated to hiring veterans and providing a supportive work environment that honors their service while recognizing the unique skills and experiences they bring to our organization.

Commitment to Diversity: NDi is an Equal Opportunity Employer. We are committed to creating a diverse environment and are proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran or military status, citizenship, national origin, or any other basis prohibited by law in all phases of the employment process and compliance with applicable federal, state, and local laws and regulations. As a federal government contractor, NDi complies with all applicable affirmative action requirements.

Apply Now: Take advantage of this unique opportunity to join one of the fastest-growing companies in Federal contracting!